opendj-server-legacy/src/main/java/org/opends/server/crypto/CryptoManagerSync.java
@@ -233,11 +233,11 @@ { if (searchEntry.hasObjectClass(ocCipherKey)) { DirectoryServer.getCryptoManager().importCipherKeyEntry(searchEntry); getCryptoManager().importCipherKeyEntry(searchEntry); } else if (searchEntry.hasObjectClass(ocMacKey)) { DirectoryServer.getCryptoManager().importMacKeyEntry(searchEntry); getCryptoManager().importMacKeyEntry(searchEntry); } } catch (CryptoManagerException e) @@ -248,6 +248,11 @@ } } private CryptoManagerImpl getCryptoManager() { return DirectoryServer.getCryptoManager(); } private void handleInstanceKeySearchEntry(SearchResultEntry searchEntry) throws DirectoryException @@ -414,11 +419,11 @@ { if (entry.hasObjectClass(ocCipherKey)) { DirectoryServer.getCryptoManager().importCipherKeyEntry(entry); getCryptoManager().importCipherKeyEntry(entry); } else if (entry.hasObjectClass(ocMacKey)) { DirectoryServer.getCryptoManager().importMacKeyEntry(entry); getCryptoManager().importMacKeyEntry(entry); } } catch (CryptoManagerException e) @@ -487,11 +492,11 @@ { if (newEntry.hasObjectClass(ocCipherKey)) { DirectoryServer.getCryptoManager().importCipherKeyEntry(newEntry); getCryptoManager().importCipherKeyEntry(newEntry); } else if (newEntry.hasObjectClass(ocMacKey)) { DirectoryServer.getCryptoManager().importMacKeyEntry(newEntry); getCryptoManager().importMacKeyEntry(newEntry); } } catch (CryptoManagerException e) opendj-server-legacy/src/main/java/org/opends/server/crypto/GetSymmetricKeyExtendedOperation.java
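Review bot: The private `getCryptoManager()` helper introduced in the `@@ -248,6 +248,11 @@` hunk still goes through the static `DirectoryServer.getCryptoManager()`, whereas every other call site in this commit (the four storage schemes, ReplSessionSecurity, BackupManager, the tests) moves to `DirectoryServer.getInstance().getServerContext().getCryptoManager()` and `DirectoryConfig.getCryptoManager()` is deleted outright, so this class becomes the lone remaining user of the accessor being retired. Presumably that is because the three import call sites need the concrete `CryptoManagerImpl` (`importCipherKeyEntry`/`importMacKeyEntry`) rather than the `CryptoManager` interface the server context hands out; if so, say it in the helper so nobody "fixes" it blindly, e.g. `// Key import needs the concrete CryptoManagerImpl; the ServerContext accessor only exposes the CryptoManager interface — revisit if that changes.`. The helper also lacks the Javadoc the rest of the file carries; `/** Returns the server's crypto manager implementation into which replicated cipher and MAC key entries are imported. */` would do. The methods containing the three rewritten import calls begin outside these hunks.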
@@ -16,29 +16,30 @@ */ package org.opends.server.crypto; import static org.opends.messages.ExtensionMessages.*; import java.io.IOException; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.io.ASN1; import org.forgerock.opendj.io.ASN1Reader; import org.forgerock.opendj.io.ASN1Writer; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ByteStringBuilder; import org.forgerock.opendj.ldap.DecodeException; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.server.config.server. GetSymmetricKeyExtendedOperationHandlerCfg; import org.opends.server.api.ExtendedOperationHandler; import org.forgerock.opendj.config.server.ConfigException; import org.opends.server.core.DirectoryServer; import org.opends.server.core.ExtendedOperation; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.io.ASN1; import org.forgerock.opendj.ldap.DecodeException; import org.forgerock.opendj.io.ASN1Reader; import org.forgerock.opendj.io.ASN1Writer; import org.opends.server.types.*; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ByteStringBuilder; import org.opends.server.types.CryptoManagerException; import org.opends.server.types.InitializationException; import org.opends.server.util.ServerConstants; import org.opends.server.util.StaticUtils; import static org.opends.messages.ExtensionMessages.*; /** * This class implements the get symmetric key extended operation, an OpenDS * proprietary extension used for distribution of symmetric keys amongst opendj-server-legacy/src/main/java/org/opends/server/extensions/AESPasswordStorageScheme.java
@@ -16,24 +16,26 @@ */ package org.opends.server.extensions; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.server.config.server.AESPasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.forgerock.opendj.config.server.ConfigException; import org.opends.server.core.DirectoryServer; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.opends.server.types.*; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ByteSequence; import java.util.Arrays; import static org.opends.messages.ExtensionMessages.*; import static org.opends.server.extensions.ExtensionsConstants.*; import static org.opends.server.util.StaticUtils.*; import java.util.Arrays; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.ldap.ByteSequence; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.server.config.server.AESPasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.opends.server.core.DirectoryServer; import org.opends.server.types.CryptoManager; import org.opends.server.types.DirectoryException; import org.opends.server.types.InitializationException; /** * This class defines a Directory Server password storage scheme that will * encode values using the AES reversible encryption algorithm. This @@ -66,7 +68,7 @@ AESPasswordStorageSchemeCfg configuration) throws ConfigException, InitializationException { cryptoManager = DirectoryServer.getCryptoManager(); cryptoManager = DirectoryServer.getInstance().getServerContext().getCryptoManager(); } @Override opendj-server-legacy/src/main/java/org/opends/server/extensions/BlowfishPasswordStorageScheme.java
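Review bot: In the `@@ -66,7 +68,7 @@` hunk the reversible scheme now caches `DirectoryServer.getInstance().getServerContext().getCryptoManager()` in the `cryptoManager` field without checking the result, so if the server context or its crypto manager is not yet populated when the scheme is initialised (early startup, or the scheme being loaded outside the running server — I cannot tell from this hunk whether that occurs) the failure surfaces as an NPE on the first password encode/decode rather than at initialisation, where `InitializationException` is already declared. A fail-fast guard along the lines of `if (cryptoManager == null) throw new InitializationException(/* suitable message */);` keeps the error at the boundary where the scheme is registered. The identical one-liner is repeated in the Blowfish, RC4 and TripleDES schemes and in BackupManager in this commit, while ReplSessionSecurity wraps the same lookup in a private accessor; a shared helper, or at least a `// Reversible schemes encrypt with keys held by the server-wide crypto manager.` comment, would keep the copies consistent. The enclosing method's signature starts outside the hunk; its body is only this assignment.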
@@ -16,24 +16,26 @@ */ package org.opends.server.extensions; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.server.config.server.BlowfishPasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.forgerock.opendj.config.server.ConfigException; import org.opends.server.core.DirectoryServer; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.opends.server.types.*; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ByteSequence; import java.util.Arrays; import static org.opends.messages.ExtensionMessages.*; import static org.opends.server.extensions.ExtensionsConstants.*; import static org.opends.server.util.StaticUtils.*; import java.util.Arrays; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.ldap.ByteSequence; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.server.config.server.BlowfishPasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.opends.server.core.DirectoryServer; import org.opends.server.types.CryptoManager; import org.opends.server.types.DirectoryException; import org.opends.server.types.InitializationException; /** * This class defines a Directory Server password storage scheme that will * encode values using the Blowfish reversible encryption algorithm. This 
@@ -66,7 +68,7 @@ BlowfishPasswordStorageSchemeCfg configuration) throws ConfigException, InitializationException { cryptoManager = DirectoryServer.getCryptoManager(); cryptoManager = DirectoryServer.getInstance().getServerContext().getCryptoManager(); } @Override opendj-server-legacy/src/main/java/org/opends/server/extensions/RC4PasswordStorageScheme.java
@@ -16,24 +16,26 @@ */ package org.opends.server.extensions; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.server.config.server.RC4PasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.forgerock.opendj.config.server.ConfigException; import org.opends.server.core.DirectoryServer; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.opends.server.types.*; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ByteSequence; import java.util.Arrays; import static org.opends.messages.ExtensionMessages.*; import static org.opends.server.extensions.ExtensionsConstants.*; import static org.opends.server.util.StaticUtils.*; import java.util.Arrays; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.ldap.ByteSequence; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.server.config.server.RC4PasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.opends.server.core.DirectoryServer; import org.opends.server.types.CryptoManager; import org.opends.server.types.DirectoryException; import org.opends.server.types.InitializationException; /** * This class defines a Directory Server password storage scheme that will * encode values using the RC4 reversible encryption algorithm. This @@ -66,7 +68,7 @@ RC4PasswordStorageSchemeCfg configuration) throws ConfigException, InitializationException { cryptoManager = DirectoryServer.getCryptoManager(); cryptoManager = DirectoryServer.getInstance().getServerContext().getCryptoManager(); } @Override opendj-server-legacy/src/main/java/org/opends/server/extensions/TripleDESPasswordStorageScheme.java
@@ -16,24 +16,26 @@ */ package org.opends.server.extensions; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.server.config.server.TripleDESPasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.forgerock.opendj.config.server.ConfigException; import org.opends.server.core.DirectoryServer; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.opends.server.types.*; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ByteSequence; import java.util.Arrays; import static org.opends.messages.ExtensionMessages.*; import static org.opends.server.extensions.ExtensionsConstants.*; import static org.opends.server.util.StaticUtils.*; import java.util.Arrays; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.ldap.Base64; import org.forgerock.opendj.ldap.ByteSequence; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.server.config.server.TripleDESPasswordStorageSchemeCfg; import org.opends.server.api.PasswordStorageScheme; import org.opends.server.core.DirectoryServer; import org.opends.server.types.CryptoManager; import org.opends.server.types.DirectoryException; import org.opends.server.types.InitializationException; /** * This class defines a Directory Server password storage scheme that will * encode values using the triple-DES (DES/EDE) reversible encryption algorithm. 
@@ -66,7 +68,7 @@ TripleDESPasswordStorageSchemeCfg configuration) throws ConfigException, InitializationException { cryptoManager = DirectoryServer.getCryptoManager(); cryptoManager = DirectoryServer.getInstance().getServerContext().getCryptoManager(); } @Override opendj-server-legacy/src/main/java/org/opends/server/protocols/http/authz/HttpOAuth2AuthorizationMechanism.java
@@ -23,7 +23,6 @@ import static org.forgerock.opendj.rest2ldap.authz.Authorization.newConditionalOAuth2ResourceServerFilter; import static org.forgerock.opendj.rest2ldap.authz.ConditionalFilters.newConditionalFilter; import static org.opends.messages.ConfigMessages.ERR_CONFIG_OAUTH2_INVALID_JSON_POINTER; import static org.opends.server.core.DirectoryServer.getCryptoManager; import static org.opends.server.core.DirectoryServer.getIdentityMapper; import static org.opends.server.core.DirectoryServer.getKeyManagerProvider; import static org.opends.server.core.DirectoryServer.getTrustManagerProvider; @@ -48,7 +47,9 @@ import org.forgerock.util.promise.Promise; import org.forgerock.util.time.Duration; import org.forgerock.util.time.TimeService; import org.opends.server.core.DirectoryServer; import org.opends.server.core.ServerContext; import org.opends.server.types.CryptoManager; import org.opends.server.types.DirectoryException; /** @@ -120,8 +121,9 @@ ? getTrustManagerProvider(trustManagerDN).getTrustManagers() : null); options.set(OPTION_KEY_MANAGERS, keyManagerDN != null ? getKeyManagerProvider(keyManagerDN).getKeyManagers() : null); options.set(OPTION_SSL_CIPHER_SUITES, new ArrayList<>(getCryptoManager().getSslCipherSuites())); options.set(OPTION_SSL_ENABLED_PROTOCOLS, new ArrayList<>(getCryptoManager().getSslProtocols())); CryptoManager cryptoManager = DirectoryServer.getInstance().getServerContext().getCryptoManager(); options.set(OPTION_SSL_CIPHER_SUITES, new ArrayList<>(cryptoManager.getSslCipherSuites())); options.set(OPTION_SSL_ENABLED_PROTOCOLS, new ArrayList<>(cryptoManager.getSslProtocols())); return options; } catch (DirectoryException e) opendj-server-legacy/src/main/java/org/opends/server/replication/protocol/ReplSessionSecurity.java
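Review bot: The new local `cryptoManager` in the `@@ -120,8 +121,9 @@` hunk copies the server-wide `getSslCipherSuites()` and `getSslProtocols()` into `OPTION_SSL_CIPHER_SUITES` and `OPTION_SSL_ENABLED_PROTOCOLS` for the OAuth2 resource-server filter, and that coupling deserves a comment: the TLS policy of this (presumably outbound, token-validation) connection is inherited from the global crypto manager with no per-mechanism override, so any relaxation of the global protocol or cipher list also relaxes this path. Suggest `// TLS protocols and cipher suites for the OAuth2 filter follow the server-wide crypto manager policy; there is no per-mechanism override.` above the assignment. A null guard on the two calls is only warranted if `getServerContext()` can yield an unset crypto manager at this point, which the hunk does not show. The enclosing method starts and ends outside the hunk.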
@@ -12,12 +12,14 @@ * information: "Portions Copyright [year] [name of copyright owner]". * * Copyright 2008 Sun Microsystems, Inc. * Portions Copyright 2011-2015 ForgeRock AS. * Portions Copyright 2011-2016 ForgeRock AS. */ package org.opends.server.replication.protocol; import static org.opends.messages.ReplicationMessages.*; import static org.opends.server.util.StaticUtils.*; import java.io.IOException; import org.forgerock.i18n.slf4j.LocalizedLogger; import java.net.Socket; import java.util.SortedSet; @@ -26,12 +28,10 @@ import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigException; import org.opends.server.core.DirectoryServer; import org.opends.server.types.CryptoManager; import org.opends.server.types.DirectoryConfig; import static org.opends.messages.ReplicationMessages.*; import static org.opends.server.util.StaticUtils.*; /** * This class represents the security configuration for replication protocol @@ -80,10 +80,10 @@ public ReplSessionSecurity() throws ConfigException { // Currently use global settings from the crypto manager. this(DirectoryConfig.getCryptoManager().getSslCertNicknames(), DirectoryConfig.getCryptoManager().getSslProtocols(), DirectoryConfig.getCryptoManager().getSslCipherSuites(), DirectoryConfig.getCryptoManager().isSslEncryption()); this(getCryptoManager().getSslCertNicknames(), getCryptoManager().getSslProtocols(), getCryptoManager().getSslCipherSuites(), getCryptoManager().isSslEncryption()); } 
@@ -162,8 +162,7 @@ { // Create a new SSL context every time to make sure we pick up the // latest contents of the trust store. final CryptoManager cryptoManager = DirectoryConfig.getCryptoManager(); final SSLContext sslContext = cryptoManager.getSslContext(REPLICATION_CLIENT_NAME, sslCertNicknames); final SSLContext sslContext = getCryptoManager().getSslContext(REPLICATION_CLIENT_NAME, sslCertNicknames); final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); secureSocket = (SSLSocket) sslSocketFactory.createSocket( @@ -197,7 +196,10 @@ } } private static CryptoManager getCryptoManager() { return DirectoryServer.getInstance().getServerContext().getCryptoManager(); } /** * Create a new protocol session in the server role on the provided socket. @@ -224,8 +226,7 @@ { // Create a new SSL context every time to make sure we pick up the // latest contents of the trust store. final CryptoManager cryptoManager = DirectoryConfig.getCryptoManager(); final SSLContext sslContext = cryptoManager.getSslContext(REPLICATION_SERVER_NAME, sslCertNicknames); final SSLContext sslContext = getCryptoManager().getSslContext(REPLICATION_SERVER_NAME, sslCertNicknames); final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); secureSocket = (SSLSocket) sslSocketFactory.createSocket( opendj-server-legacy/src/main/java/org/opends/server/types/DirectoryConfig.java
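Review bot: The `private static CryptoManager getCryptoManager()` helper added in the `@@ -197,7 +196,10 @@` hunk carries no Javadoc, while the surrounding methods in this class do (`/** Create a new protocol session in the server role ... */`). Both `createClientSession` and `createServerSession` call it afresh on every session, consistent with the existing comment about re-creating the SSL context to pick up the latest trust store contents, so the doc should state that intent: `/** Looks up the running server's crypto manager on each call so that session creation sees the current TLS settings rather than a cached manager. */`. Both session-creation methods continue past the hunk boundaries.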
@@ -47,16 +47,6 @@ public final class DirectoryConfig { /** * Retrieves a reference to the Directory Server crypto manager. * * @return A reference to the Directory Server crypto manager. */ public static CryptoManager getCryptoManager() { return DirectoryServer.getCryptoManager(); } /** * Retrieves the operating system on which the Directory Server is * running. * opendj-server-legacy/src/main/java/org/opends/server/util/BackupManager.java
@@ -175,7 +175,7 @@ CryptoEngine(boolean shouldEncrypt) { cryptoManager = DirectoryServer.getCryptoManager(); cryptoManager = DirectoryServer.getInstance().getServerContext().getCryptoManager(); this.shouldEncrypt = shouldEncrypt; } opendj-server-legacy/src/test/java/org/opends/server/crypto/CryptoManagerTestCase.java
@@ -16,6 +16,17 @@ */ package org.opends.server.crypto; import static org.assertj.core.api.Assertions.*; import static org.forgerock.opendj.ldap.LDAPConnectionFactory.*; import static org.forgerock.opendj.ldap.ModificationType.*; import static org.forgerock.opendj.ldap.SearchScope.*; import static org.opends.server.TestCaseUtils.*; import static org.opends.server.config.ConfigConstants.*; import static org.opends.server.protocols.internal.InternalClientConnection.*; import static org.opends.server.protocols.internal.Requests.*; import static org.opends.server.types.Attributes.*; import static org.testng.Assert.*; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; @@ -57,17 +68,6 @@ import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import static org.assertj.core.api.Assertions.*; import static org.forgerock.opendj.ldap.LDAPConnectionFactory.*; import static org.forgerock.opendj.ldap.ModificationType.*; import static org.forgerock.opendj.ldap.SearchScope.*; import static org.opends.server.TestCaseUtils.*; import static org.opends.server.config.ConfigConstants.*; import static org.opends.server.protocols.internal.InternalClientConnection.*; import static org.opends.server.protocols.internal.Requests.*; import static org.opends.server.types.Attributes.*; import static org.testng.Assert.*; /** This class tests the CryptoManager. */ @@ -242,7 +242,7 @@ @Test(dataProvider="cipherParametersData") public void testEncryptDecryptSuccess(CipherParameters cp) throws Exception { final CryptoManager cm = DirectoryServer.getCryptoManager(); final CryptoManager cm = getServerContext().getCryptoManager(); final String secretMessage = "1234"; final byte[] cipherText = (null == cp.getTransformation()) 
@@ -305,7 +305,7 @@ public void testKeyEntryReuse() throws Exception { final CryptoManager cm = DirectoryServer.getCryptoManager(); final CryptoManager cm = TestCaseUtils.getServerContext().getCryptoManager(); final String secretMessage = "zyxwvutsrqponmlkjihgfedcba"; final byte[] cipherText = cm.encrypt(secretMessage.getBytes()); @@ -335,7 +335,7 @@ @Test public void testKeyPersistence() throws Exception { final CryptoManager cm = DirectoryServer.getCryptoManager(); final CryptoManager cm = getServerContext().getCryptoManager(); final String secretMessage = "zyxwvutsrqponmlkjihgfedcba"; final byte[] cipherText = cm.encrypt("Blowfish/CFB/NoPadding", 128, @@ -363,7 +363,7 @@ */ @Test public void testCompromisedKey() throws Exception { final CryptoManager cm = DirectoryServer.getCryptoManager(); final CryptoManager cm = getServerContext().getCryptoManager(); final String secretMessage = "zyxwvutsrqponmlkjihgfedcba"; final String cipherTransformationName = "AES/CBC/PKCS5Padding"; final int cipherKeyLength = 128; opendj-server-legacy/src/test/java/org/opends/server/replication/server/ReplicationServerTest.java
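Review bot: `testKeyEntryReuse` in the `@@ -305,7 +305,7 @@` hunk uses the fully qualified `TestCaseUtils.getServerContext().getCryptoManager()` while `testEncryptDecryptSuccess`, `testKeyPersistence` and `testCompromisedKey` in the same commit rely on the static import of `org.opends.server.TestCaseUtils.*` that this change adds to the top of the file. Dropping the qualifier, `final CryptoManager cm = getServerContext().getCryptoManager();`, keeps the four tests uniform and avoids a second spelling of the same lookup. Each test method continues beyond its hunk.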
@@ -16,6 +16,13 @@ */ package org.opends.server.replication.server; import static org.forgerock.opendj.ldap.ModificationType.*; import static org.opends.server.TestCaseUtils.*; import static org.opends.server.replication.protocol.OperationContext.*; import static org.opends.server.util.CollectionUtils.*; import static org.opends.server.util.StaticUtils.*; import static org.testng.Assert.*; import java.net.InetSocketAddress; import java.net.Socket; import java.net.SocketTimeoutException; @@ -60,7 +67,6 @@ import org.opends.server.replication.protocol.WindowProbeMsg; import org.opends.server.replication.service.ReplicationBroker; import org.opends.server.types.Attributes; import org.opends.server.types.DirectoryConfig; import org.opends.server.types.DirectoryException; import org.opends.server.types.Entry; import org.opends.server.types.HostPort; @@ -71,13 +77,6 @@ import org.testng.annotations.BeforeClass; import org.testng.annotations.Test; import static org.forgerock.opendj.ldap.ModificationType.*; import static org.opends.server.TestCaseUtils.*; import static org.opends.server.replication.protocol.OperationContext.*; import static org.opends.server.util.CollectionUtils.*; import static org.opends.server.util.StaticUtils.*; import static org.testng.Assert.*; /** Tests for the replicationServer code. */ @SuppressWarnings("javadoc") public class ReplicationServerTest extends ReplicationTestCase @@ -858,7 +857,7 @@ ReplSessionSecurity replSessionSecurity = getReplSessionSecurity(); Session session = replSessionSecurity.createClientSession(socket, timeoutMS); boolean sslEncryption = DirectoryConfig.getCryptoManager().isSslEncryption(); boolean sslEncryption = getServerContext().getCryptoManager().isSslEncryption(); try { opendj-server-legacy/src/test/java/org/opends/server/replication/server/changelog/file/FileReplicaDBTest.java
@@ -23,9 +23,9 @@ import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DN; import org.forgerock.util.time.TimeService; import org.opends.server.TestCaseUtils; import org.opends.server.core.DirectoryServer; import org.opends.server.crypto.CryptoSuite; import org.opends.server.replication.ReplicationTestCase; import org.opends.server.replication.common.CSN; @@ -37,7 +37,6 @@ import org.opends.server.replication.server.changelog.api.ChangelogException; import org.opends.server.replication.server.changelog.api.DBCursor; import org.opends.server.replication.server.changelog.api.DBCursor.PositionStrategy; import org.forgerock.opendj.ldap.DN; import org.testng.annotations.BeforeClass; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; @@ -114,7 +113,7 @@ private CryptoSuite createCryptoSuite(boolean confidential) { return DirectoryServer.getCryptoManager().newCryptoSuite(cipherTransformation, keyLength, confidential); return getServerContext().getCryptoManager().newCryptoSuite(cipherTransformation, keyLength, confidential); } @Test public void testDomainDNWithForwardSlashes() throws Exception